Banned 1300+ IPs so far. WTF is up with the brute for attack on user "chamrone"
4 views
Skip to first unread message
cnysu...@gmail.com
May 17, 2019, 9:31:51 AM5/17/19
to
My server had never had a user named chamrone. It's doesn't look significant and it's not an admin account I'm aware of, but someone/something has been trying to brute force the password for over a month now by attempting an IMAP login.
They try 1 password from 1 IP address, then never use that IP again, or use it maybe once more. I ban each IP after the first try, however I'm just really confused by this.
The IPs are from all over the world, although few/none from the US, where I'm located.
Someone with a large botnet is spending time trying to guess the password for a nonexistent user.
Does anybody have any ideas what the purpose for this is?
It's not a security risk (AFAIK) because there is no user, but it's so persistent that I'm starting to think that something is going on that I'm just not aware of.
Anybody have any thoughts/ideas?
They try 1 password from 1 IP address, then never use that IP again, or use it maybe once more. I ban each IP after the first try, however I'm just really confused by this.
The IPs are from all over the world, although few/none from the US, where I'm located.
Someone with a large botnet is spending time trying to guess the password for a nonexistent user.
Does anybody have any ideas what the purpose for this is?
It's not a security risk (AFAIK) because there is no user, but it's so persistent that I'm starting to think that something is going on that I'm just not aware of.
Anybody have any thoughts/ideas?
Reply all
Reply to author
Forward
0 new messages